One of the widget plug-ins I use in this blog is one that gathers the URLs people use to access content here and that result in a 404 Not Found error. Those erroneous URLs get logged and, as admin, I can view them through the widget’s UI. The widget was written by an old mate, Scott Cate, for the GriffitiCMS blog engine (sorry, “CMS” engine), which is what I use here. He gave me the code a couple of years back and I’ve extended it a little to be able to clear the logs of the 404 errors. I do this perhaps once a week on average, because it just gets too depressing.
Here’s the latest report from the past week or so. As you can surmise, knowing that this blog is not WordPress, the 404 report is full of script kiddies trying their best to ferret out WordPress hackable security holes, by searching for the
wp-admin folder among others. Either that or some PHP defect or other, which probably amounts to the same thing. (Aside: the first number in each line is the number of times the URL was accessed, the second is the numbers of distinct referral URLs. In this report, it so happens the referrals are other “not found” URLs.)
All I’ve got to say is: if you are running a WordPress site, just make sure it’s always patched, plug-ins and all. Your site is also being probed like mine and if there’s a flaw, it will be found with these automated scripts.
As I said, depressing.